Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XJupyter Server
APPJupyter< 2.20.0
Related vulnerabilities
A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin vali...
A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boun...
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header ...
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to...
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal v...